Privacy Policy

Last updated: March 20, 2026

This Privacy Policy explains how ClawBro.ai ("ClawBro," "we," "us," or "our") collects, uses, discloses, and protects personal data in connection with the ClawBro website, hosted environments, support channels, billing flows, and related services (collectively, the "Service").

1. Scope

This Privacy Policy applies when we act as the controller of personal data in connection with the Service. It does not govern the privacy practices of third-party services, model providers, APIs, payment processors, or websites that you choose to connect to or use through your hosted environment.

2. Information We Collect

2.1 Information You Provide

We may collect:

  • account information such as name, email address, login credentials, and profile information;
  • billing information and transaction details, though payment card processing is handled by our payment processor;
  • communications you send to us, including support requests and feedback;
  • Customer Content and files stored in your hosted environment; and
  • information you provide when connecting third-party services.

2.2 Information We Collect Automatically

We may automatically collect:

  • log data such as IP address, browser type, operating system, timestamps, and request information;
  • device and usage data such as pages viewed, actions taken, session data, approximate location derived from IP, and diagnostic information;
  • security telemetry used to detect abuse, fraud, misuse, or service instability; and
  • cookie and similar technology data as described below.

2.3 Information from Third Parties

We may receive information from service providers and third parties such as payment processors, authentication providers, cloud infrastructure vendors, analytics providers, and connected services you authorize.

3. How We Use Personal Data

We may use personal data to:

  1. provide, operate, maintain, and secure the Service;
  2. create and manage accounts, subscriptions, billing, and support;
  3. provision and maintain your hosted environment;
  4. process transactions and prevent fraud, abuse, or misuse;
  5. troubleshoot bugs, improve reliability, and develop new features;
  6. communicate with you about the Service, security, billing, support, and policy updates;
  7. comply with legal obligations and protect rights, safety, and property; and
  8. create aggregated or de-identified analytics that do not identify you personally.

4. How We Handle Customer Content

We do not use Customer Content to train our own models.

We may access limited Customer Content only on a need-to-know basis where necessary to:

  • respond to support requests you initiate;
  • maintain or secure the Service;
  • investigate suspected abuse, fraud, or security incidents;
  • comply with applicable law, regulation, legal process, or enforceable governmental request; or
  • act with your authorization.

If you choose to connect third-party model providers, APIs, or external services, those third parties may process data under their own terms and privacy policies.

5. Legal Bases for Processing (EEA/UK Where Applicable)

Where applicable under the GDPR or similar laws, we process personal data on the basis of one or more of the following:

  • performance of a contract;
  • legitimate interests, such as operating, securing, and improving the Service;
  • consent, where required; and
  • compliance with legal obligations.

6. How We Share Personal Data

We may share personal data with:

  1. service providers that help us operate the Service, such as hosting, support, communications, analytics, security, and payment vendors;
  2. professional advisors, auditors, insurers, and legal counsel where reasonably necessary;
  3. law enforcement, regulators, courts, or other parties where required by law or reasonably necessary to protect rights, safety, and the Service;
  4. third parties where you direct us to share data or where you connect third-party services.

We do not sell personal information. We do not use Customer Content for advertising.

7. Cookies and Similar Technologies

We may use essential, functional, analytics, and similar technologies to operate the Service, remember preferences, secure sessions, and understand usage patterns.

Where required by applicable law, we will obtain consent before using non-essential cookies or similar technologies. You can control cookies through your browser settings, though some Service features may not function properly if cookies are disabled.

8. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, comply with law, resolve disputes, enforce agreements, and protect the Service.

As a general guideline:

  • account and subscription records are retained while your account is active and for a reasonable period afterward;
  • billing and tax records may be retained for up to 7 years or longer where required by law;
  • support communications may be retained for support quality, training, and dispute handling;
  • logs and security telemetry may be retained for up to 12 months or longer where reasonably necessary for security or compliance; and
  • Customer Content is generally scheduled for deletion within 30 days after the end of the paid term, subject to backup rotation, legal obligations, fraud prevention, dispute resolution, and security needs.

9. International Transfers

We and our service providers may process personal data in countries other than your own. Where required by law, we implement appropriate safeguards for cross-border transfers, such as contractual protections.

10. Security

We use reasonable technical, organizational, and administrative safeguards designed to protect personal data. However, no system can be guaranteed to be completely secure, and you use the Service at your own risk.

11. Your Rights and Choices

Depending on where you live, you may have rights such as:

  • access to personal data we hold about you;
  • correction of inaccurate personal data;
  • deletion of personal data;
  • restriction or objection to certain processing;
  • portability of certain personal data; and
  • withdrawal of consent where processing is based on consent.

To exercise your rights, contact us at [email protected]. We may need to verify your identity before responding.

12. Children's Privacy

The Service is not intended for children. We do not knowingly collect personal data from children in violation of applicable law.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy, revise the "Last updated" date, and where appropriate provide additional notice.

14. Contact